<div dir="ltr">This definitely isn't an SELinux issue on my end. I've also seen Varnish work fine with SELinux (after policy updates as Dridi mentioned).<br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Feb 20, 2017 at 4:43 PM, Dridi Boukelmoune <span dir="ltr"><<a href="mailto:dridi@varni.sh" target="_blank">dridi@varni.sh</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Mon, Feb 20, 2017 at 11:25 PM, Daniel Parthey <<a href="mailto:pada@posteo.de">pada@posteo.de</a>> wrote:<br>
> It might be an SElinux Problem. Varnish 4.1.3 seems incompatible with the<br>
> default SELinux Rules on CentOS. We ran into problems with child workers<br>
> when selinux was enabled.<br>
<br>
</span>I don't think it's related to SELinux. The main problem with<br>
CentOS/Red Hat/Fedora is the SELinux policy shipped by those<br>
distributions. They give very little margin and it becomes easy to<br>
make a change in your configuration that ends up rejected. At the<br>
same time conservative defaults give a smaller attack surface...<br>
<span class=""><br>
> setenforce 0<br>
> service varnish restart<br>
><br>
> and for permanent boot-safe change:<br>
><br>
> /etc/sysconfig/selinux<br>
> selinux=disabled<br>
<br>
</span>This is _not_ how you solve SELinux problems. You switch to<br>
permissive, collect audit logs while running offending software,<br>
update the policy and switch back to enforcing.<br>
<span class=""><br>
> Might make varnish more stable.<br>
><br>
> Not sure why the default CentOS Policy (at least on CentOS 7) affect varnish<br>
> master/child communications.<br>
<br>
</span>It should not, I'd like to see evidence that this is happening. Please<br>
open a github issue on the pkg-varnish-cache project if you manage<br>
to reproduce it and let us know how.<br>
<span class="HOEnZb"><font color="#888888"><br>
Dridi<br>
</font></span></blockquote></div><br></div></div>